author | Niels Möller <nisse@lysator.liu.se> | 2020-01-02 22:58:07 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2020-01-02 22:58:07 +0100 |
commit | 1e3410359ec202203abbc2cf06f774c5ff88e82f (patch) | |
tree | 4907c2da5a91931abf19e921de6adfc9591e6554 | |
parent | a148ed32b381a6294d0fcbd58e7198532c1bc709 (diff) | |
download | nettle-1e3410359ec202203abbc2cf06f774c5ff88e82f.tar.gz |
Use function pointer to represent eddsa dom prefix.
-rw-r--r-- | ChangeLog | 14 | ||||
-rw-r--r-- | ed25519-sha512.c | 6 | ||||
-rw-r--r-- | ed448-shake256.c | 14 | ||||
-rw-r--r-- | eddsa-internal.h | 5 | ||||
-rw-r--r-- | eddsa-sign.c | 4 | ||||
-rw-r--r-- | eddsa-verify.c | 2 |
6 files changed, 35 insertions, 10 deletions
@@ -1,6 +1,18 @@
 2020-01-02 Niels Möller <nisse@lysator.liu.se>
- * eddsa-internal.h (struct ecc_eddsa): Add magic "dom" string,
+ * eddsa-internal.h (nettle_eddsa_dom_func): New typedef.
+ (struct ecc_eddsa): Use function pointer to represent eddsa dom
+ string. To avoid calling sha512_update with empty input for
+ ed25519.
+ * ed448-shake256.c (ed448_dom): New function, calling
+ sha3_256_update with the magic dom prefix.
+ (_nettle_ed448_shake256): Point to it.
+ * ed25519-sha512.c (_nettle_ed25519_sha512): Add do-nothing dom function.
+
+ * eddsa-sign.c (_eddsa_sign): Update to use dom function pointer.
+ * eddsa-verify.c (_eddsa_verify): Likewise.
+
+ * eddsa-internal.h (struct ecc_eddsa): Add magic dom string,
 needed for ed448.
 * ed25519-sha512.c (_nettle_ed25519_sha512): Empty dom string.
 * ed448-shake256.c (_nettle_ed448_shake256): New file and
diff --git a/ed25519-sha512.c b/ed25519-sha512.c
index 09d0f8a5..72c4e517 100644
--- a/ed25519-sha512.c
+++ b/ed25519-sha512.c
@@ -38,11 +38,15 @@
 #include "nettle-types.h"
 #include "sha2.h"
+static nettle_eddsa_dom_func ed25519_dom;
+
+static void ed25519_dom(void *ctx UNUSED) {}
+
 const struct ecc_eddsa _nettle_ed25519_sha512 =
 {
 (nettle_hash_update_func *) sha512_update,
 (nettle_hash_digest_func *) sha512_digest,
- NULL, 0,
+ ed25519_dom,
 ~(mp_limb_t) 7,
 (mp_limb_t) 1 << (254 % GMP_NUMB_BITS),
 };
diff --git a/ed448-shake256.c b/ed448-shake256.c
index 4e54b2c6..25d878f0 100644
--- a/ed448-shake256.c
+++ b/ed448-shake256.c
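Review bot: The empty body of `ed25519_dom` in ed25519-sha512.c has no comment saying why the function must exist, which invites a later cleanup back to `NULL`. Plain Ed25519 in RFC 8032 hashes no domain-separation prefix, while `_eddsa_sign` and `_eddsa_verify` now call `eddsa->dom (ctx)` unconditionally, so the hook has to be a real function. I would add above the definition: `/* Plain Ed25519 has an empty dom2 prefix (RFC 8032); callers invoke dom unconditionally, so this must not be NULL. */`.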
@@ -39,14 +39,22 @@
 #include "sha3.h"
 #define DOM_SIZE 10
-static const uint8_t ed448_dom[DOM_SIZE] =
- { 'S', 'i', 'g', 'E', 'd', '4', '4', '8', 0, 0};
+
+static nettle_eddsa_dom_func ed448_dom;
+
+static void
+ed448_dom(void *ctx)
+{
+ static const uint8_t dom[DOM_SIZE] =
+ { 'S', 'i', 'g', 'E', 'd', '4', '4', '8', 0, 0};
+ sha3_256_update (ctx, DOM_SIZE, dom);
+}
 const struct ecc_eddsa _nettle_ed448_shake256 =
 {
 (nettle_hash_update_func *) sha3_256_update,
 (nettle_hash_digest_func *) sha3_256_shake,
- ed448_dom, DOM_SIZE,
+ ed448_dom,
 ~(mp_limb_t) 3,
 (mp_limb_t) 1 << (447 % GMP_NUMB_BITS),
 };
diff --git a/eddsa-internal.h b/eddsa-internal.h
index f7730a38..098ab39c 100644
--- a/eddsa-internal.h
+++ b/eddsa-internal.h
@@ -53,13 +53,14 @@
 struct ecc_curve;
 struct ecc_modulo;
+typedef void nettle_eddsa_dom_func(void *ctx);
+
 struct ecc_eddsa
 {
 /* Hash function to use */
 nettle_hash_update_func *update;
 nettle_hash_digest_func *digest;
- const uint8_t *dom;
- unsigned dom_size;
+ nettle_eddsa_dom_func *dom;
 /* For generating the secret scalar */
 mp_limb_t low_mask;
 mp_limb_t high_bit;
diff --git a/eddsa-sign.c b/eddsa-sign.c
index a5970e98..05277064 100644
--- a/eddsa-sign.c
+++ b/eddsa-sign.c
@@ -75,7 +75,7 @@ _eddsa_sign (const struct ecc_curve *ecc,
 size = ecc->p.size;
 nbytes = 1 + ecc->p.bit_size / 8;
- eddsa->update (ctx, eddsa->dom_size, eddsa->dom);
+ eddsa->dom (ctx);
 eddsa->update (ctx, nbytes, k1);
 eddsa->update (ctx, length, msg);
 eddsa->digest (ctx, 2*nbytes, hash);
@@ -84,7 +84,7 @@ _eddsa_sign (const struct ecc_curve *ecc,
 ecc->mul_g (ecc, P, rp, scratch_out);
 _eddsa_compress (ecc, signature, P, scratch_out);
- eddsa->update (ctx, eddsa->dom_size, eddsa->dom);
+ eddsa->dom (ctx);
 eddsa->update (ctx, nbytes, signature);
 eddsa->update (ctx, nbytes, pub);
 eddsa->update (ctx, length, msg);
diff --git a/eddsa-verify.c b/eddsa-verify.c
index c4e65d69..a0ffe0c4 100644
--- a/eddsa-verify.c
+++ b/eddsa-verify.c
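Review bot: The two trailing zero bytes of `dom` in `ed448_dom` (ed448-shake256.c) are unexplained magic values. In RFC 8032 the dom4 prefix is "SigEd448" followed by the phflag octet and the context-length octet, so `0, 0` pins this to pure Ed448 with an empty context, and anyone later adding Ed448ph or context support needs to know that. I would add `/* dom4(phflag = 0, context = ""): "SigEd448" || 0 || 0, see RFC 8032 */` above the array. Now that the array is local, `sizeof dom` could replace `DOM_SIZE` in the update call, but that is optional.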
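Review bot: The new `dom` member of `struct ecc_eddsa` in eddsa-internal.h has no comment stating its contract, and the contract changed: the old `NULL, 0` pair was a valid value, whereas the call sites in eddsa-sign.c (both hunks) and eddsa-verify.c now call through the pointer with no check. The callback also receives the hash context as `void *`, so it has to feed the same hash that `update` and `digest` operate on, and nothing in the type enforces that. A comment on the member would cover both, for example `/* Hashes the domain-separation prefix into ctx; never NULL, and must use the same hash as update. */`. The struct definition continues past the end of the hunk.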
@@ -106,7 +106,7 @@ _eddsa_verify (const struct ecc_curve *ecc,
 if (mpn_cmp (sp, ecc->q.m, ecc->q.size) >= 0)
 return 0;
- eddsa->update (ctx, eddsa->dom_size, eddsa->dom);
+ eddsa->dom (ctx);
 eddsa->update (ctx, nbytes, signature);
 eddsa->update (ctx, nbytes, pub);
 eddsa->update (ctx, length, msg);
|